A phishing scheme may have exposed 700 Comcast customers

A document that appeared on the online sharing service Scribd appeared to show thousands of comcast.net accounts, along with their passwords. It was probably posted there as a display of somebody's phishing prowess, though it would appear it took two months or more before anyone finally noticed.

Well, someone finally noticed. As it turns out, only about 700 of those 4,000 or so addresses were for real Comcast subscribers, the company confirmed to Betanews this morning, which creates some doubt as to whether the would-be phisher stole these account names from Comcast itself or from a really bad screen-scraper routine.

"We started contacting customers yesterday and are notifying them of the situation and walking them through what they can do about it -- install up to date security software, change their passwords and remain highly suspicious of ever sharing their user name or password with anyone," Comcast spokesperson Charlie Douglas told Betanews. "The document has been taken down from Scribd and we're working with authorities and will help with their investigation."

Douglas suggested that customers who haven't been contacted yet by Comcast, but who believe their account names could have been included in this document, can obtain more information from their security support staff.